--- loncom/interface/createaccount.pm 2015/01/09 15:41:49 1.69 +++ loncom/interface/createaccount.pm 2016/02/17 19:15:48 1.71 @@ -4,7 +4,7 @@ # kerberos, or SSO) or an e-mail address. Requests to use an e-mail address as # username may be processed automatically, or may be queued for approval. # -# $Id: createaccount.pm,v 1.69 2015/01/09 15:41:49 raeburn Exp $ +# $Id: createaccount.pm,v 1.71 2016/02/17 19:15:48 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -389,6 +389,7 @@ sub javascript_setforms { } if (@required) { my $missprompt = &mt('One or more required fields are currently blank.'); + &js_escape(\$missprompt); my $reqstr = join("','",@required); $requiredchk = <<"ENDCHK"; var requiredfields = new Array('$reqstr'); @@ -430,7 +431,7 @@ $requiredchk initkeys(); server.elements.upass.value - = crypted(client.elements.upass$now.value); + = getCrypted(client.elements.upass$now.value); client.elements.uname.value=''; client.elements.upass$now.value=''; @@ -443,6 +444,7 @@ $setuserinfo } return false; } + // ]]> ENDSCRIPT @@ -452,8 +454,10 @@ ENDSCRIPT sub javascript_checkpass { my ($now,$context) = @_; my $nopass = &mt('You must enter a password.'); - my $mismatchpass = &mt('The passwords you entered did not match.').'\\n'. + my $mismatchpass = &mt('The passwords you entered did not match.')."\n". &mt('Please try again.'); + &js_escape(\$nopass); + &js_escape(\$mismatchpass); my $js = <<"ENDSCRIPT";